I am having an issue with an ASA 5512. It will randomly lock up and from the point on no traffic passes through. The only way to access it at that point is to access via console. When trying to access via SSH we get the banner login and are able to enter a username and password but when the password has been entered it freezes at that point.
It has been updated to the latest firmware and the latest ASDM software is also installed.
I had setup syslog and captured some logs. The syslog reveals nothing untoward when the ASA decides to stop letting traffic pass. The only thing highlighted "System is low on free memory blocks of size 256 (0 CNT out of 20000 MAX)" From what I saw on another thread it was cosmetic whatever that meant.
CPU, fans and temperature are reporting fine. However I can see and invalid Ioctl error. I have attached this. Not exactly sure what it means but this led me down to checking the flash drive. I could see corruption here. I removed the corrupt files but I am unable to run the file system check because the drive is mounted.
My other suspicion for the lock up is memory. No matter what we do, whether disabling or enabling additional features it remains at a pretty constant 50% in use.
Not exactly sure where to go next but would be grateful for suggestions.
256 block size count going to 0 is definitely a problem. There are 2 open bugs that I can see:
Do you have any syslogs apart from the block count message that shows up just before the issue? I would definitely contact TAC to troubleshoot this a little more.
I had noticed this last weekend: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva80364
I lowered to level 3 and below. The same problem happened. Internet connectivity lost and remote management lost. I then turned off syslog and the same problem occurred.
As for the issue with VTI, we do have a tunnel in place for our Azure environment. I would need to investigate if this is part of the problem.
Nothing unusual accept TCP teardown logs and warnings 5 minutes before it goes down.
PRTG warns about the memory block issue 3-4 hours before the actual firewall goes down. Unfortunately the device doesn't have a contract.